From: Ace Fekay [MVP-DS, MCT] on
"Jim" <jim(a)dontwantspam.com> wrote in message
news:hiafu0$2ia2$1(a)energise.enta.net...
> How about this ?
> http://www.shudnow.net/2008/02/10/client-to-server-secure-smtp-connectivity-in-exchange-server-2007
>
> How about I create a new receive connector and restrict it to only
> receiving inbound connections from a specific local IP address and then
> removing all authentication types and allowing anonymous access and then
> issuing the cmdlet:
>
> Get-ReceiveConnector "Receive Connector Name" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
>
> This should then allow me to relay through this connector *only* from the
> IP address specified and from any older SMTP client ie Outlook 2003 and
> also my telephone IP software PBX.
>
> OK, I've tried this and it does seem to work !
>
> OK, I can see my telephone software IP PBX not being up to date enough to
> work with Exchange 2007, but for the life of me I cannot see why I'm
> getting these issues with Outlook 2003..
> As I said earlier Outlook 2007 seems to work without a hitch....why not
> Outlook 2003 ?
>
> As it is there was no other previous receive connectors specifically for
> 'Client' access, all there was were the default three:
>
> Default 'SERVERNAME'
> Windows SBS Fax Sharepoint Receive 'SERVERNAME'
> Windows SBS Internet Receive 'SERVERNAME'
>
> So do you think I'm OK to implement the solution above at the customer
> site so long as I am very careful to only include the local IP address of
> the Telephone software IP PBX server whose voicemail function requires
> IMAP/SMTP to send receive voicemail messages.
>
> Jim.
>
>
>


Jim,

I mentioned about creating an additional receive connector, however I also
mentioned it requires an additional IP address on the SBS, which will cause
problems, and I suggested to not do it because of that reason.

Have you tried to use port 587 to use the default client receive connector??

Ace


From: Ace Fekay [MVP-DS, MCT] on
"Ace Fekay [MVP-DS, MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message
news:uvoFomVkKHA.5604(a)TK2MSFTNGP04.phx.gbl...

> Jim,
>
> I mentioned about creating an additional receive connector, however I also
> mentioned it requires an additional IP address on the SBS, which will cause
> problems, and I suggested to not do it because of that reason.
>
> Have you tried to use port 587 to use the default client receive
> connector??
>
> Ace
>

Jim, try this for the user account, although it shouldn't really need it,
but give it a shot (substitute the user account alias for my name).

Set-CASMailbox -Identity afekay -IMAPEnabled $true

Ace



From: Jim on
The telephone PBX server IMAP settings tab has very little which can be
changed, I don't think it can be changed to use any other port for SMTP
other than 25.

No, it can't be configured to use any other port other than 25.

And if I engage SMTP authentication on the telephone PBX server then it
fails in the same way that Outlook 2003 is failing regards the unable to
relay.

That's why I have to have authentication turned off.

Why would the additional receive connector require a different IP address ?
not sure I follow you on that one..

Surely it's just an open SMTP receive connector that will *only* accept
incoming SMTP connections from the IP address which is specified as per the
article that I was looking at on the internet.

Like you said before this is nothing to do with IMAP per se...that is
retrieval and works in all cases, it's the sending part of the account which
uses SMTP which is what the issue is regards the 'unable to relay'.

I think that the solution that I have configured on my test server as per
the article is perhaps what I need, I just need to make sure it hasn't
thrown any other spanners in the works so as to speak.

Jim.




"Ace Fekay [MVP-DS, MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message
news:e9Y7vGWkKHA.4912(a)TK2MSFTNGP02.phx.gbl...
> "Ace Fekay [MVP-DS, MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in
> message news:uvoFomVkKHA.5604(a)TK2MSFTNGP04.phx.gbl...
>
>> Jim,
>>
>> I mentioned about creating an additional receive connector, however I
>> also mentioned it requires an additional IP address on the SBS, which will
>> cause problems, and I suggested to not do it because of that reason.
>>
>> Have you tried to use port 587 to use the default client receive
>> connector??
>>
>> Ace
>>
>
> Jim, try this for the user account, although it shouldn't really need it,
> but give it a shot (substitute the user account alias for my name).
>
> Set-CASMailbox -Identity afekay -IMAPEnabled $true
>
> Ace
>
>
>
From: Ace Fekay [MVP-DS, MCT] on
"Jim" <jim(a)dontwantspam.com> wrote in message
news:hiap78$3172$1(a)energise.enta.net...
> The telephone PBX server IMAP settings tab has very little which can be
> changed, I don't think it can be changed to use any other port for SMTP
> other than 25.
>
> No, it can't be configured to use any other port other than 25.
>
> And if I engage SMTP authentication on the telephone PBX server then it
> fails in the same way that Outlook 2003 is failing regards the unable to
> relay.
>
> That's why I have to have authentication turned off.
>
> Why would the additional receive connector require a different IP address
> ? not sure I follow you on that one..
>
> Surely it's just an open SMTP receive connector that will *only* accept
> incoming SMTP connections from the IP address which is specified as per
> the article that I was looking at on the internet.
>
> Like you said before this is nothing to do with IMAP per se...that is
> retrieval and works in all cases, it's the sending part of the account
> which uses SMTP which is what the issue is regards the 'unable to relay'.
>
> I think that the solution that I have configured on my test server as per
> the article is perhaps what I need, I just need to make sure it hasn't
> thrown any other spanners in the works so as to speak.
>
> Jim.
>


The default is what the server uses. The "client" is what was intended for
client connectivity, for security reasons, hence the different port number,
which is recommended.

If you want to totally remove authentication, in other words, to allow
relaying on the default SMTP send connector, be forewarned anyone from the
outside world can send through it, such as spammers.

Take a look at the following:

How to Disable Relay for Authenticated Users in Exchange 2007
http://forums.msexchange.org/m_1800460783/tm.htm

I don't know which article you were reading on the internet, whether one I
provided or another, but here is one that has a step by step to create the
additional connector, but as I said it requires an additional IP address on
the server.

Also be forewarned that if you add an IP address to the SBS for this purpose
(AS I previously posted), I guarantee IT WILL cause problems on the SBS.

Exchange 2007: How to allow relay exceptions
http://blogs.techrepublic.com.com/networking/?p=373

Please clearly document any changes you make in case you need to review or
revert back. Test the above and see if it will work for your needs.


Ace




From: Jim on
>be forewarned anyone from the outside world can send through it, such as
>spammers.

How are they going to do this ? when I restrict it to *only* receive
incoming connections from the LAN from a single LAN IP address ?

I am removing the 0.0.0.0-255.255.255.255 and substituting this with the
single LAN IP of the telephone PBX.

The software vendor's instructions are to do this also but to use Windows
Integrated authentication also..

But as we've seen their older version of their software doesn't seem to want
to work with Exchange 2007 in the same way that Outlook 2003 doesn't...hence
the need to go back to a similar model as used in Exchange 2003.

I've tried to send through an authenticated SMTP connection from another PC
whose IP address isn't in the allow list and I can confirm that it doesn't
work..

It only works from the IP address which I have allowed.

Have you tried to set up an IMAP account in Outlook 2003 and tried to reply
to a message received via IMAP and sent back out to your Exchange Server
2007 using an authenticated SMTP connection from Outlook 2003 ?

I'll bet it doesn't work...

Try the exact same thing from Outlook 2007 and it will..

Why I wonder ? what's the difference between Outlook 2003 and Outlook 2007
regards this ? obviously something different somewhere..

Jim.




"Ace Fekay [MVP-DS, MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message
news:#pCIRTYkKHA.4772(a)TK2MSFTNGP04.phx.gbl...
> "Jim" <jim(a)dontwantspam.com> wrote in message
> news:hiap78$3172$1(a)energise.enta.net...
>> The telephone PBX server IMAP settings tab has very little which can be
>> changed, I don't think it can be changed to use any other port for SMTP
>> other than 25.
>>
>> No, it can't be configured to use any other port other than 25.
>>
>> And if I engage SMTP authentication on the telephone PBX server then it
>> fails in the same way that Outlook 2003 is failing regards the unable to
>> relay.
>>
>> That's why I have to have authentication turned off.
>>
>> Why would the additional receive connector require a different IP address
>> ? not sure I follow you on that one..
>>
>> Surely it's just an open SMTP receive connector that will *only* accept
>> incoming SMTP connections from the IP address which is specified as per
>> the article that I was looking at on the internet.
>>
>> Like you said before this is nothing to do with IMAP per se...that is
>> retrieval and works in all cases, it's the sending part of the account
>> which uses SMTP which is what the issue is regards the 'unable to relay'.
>>
>> I think that the solution that I have configured on my test server as per
>> the article is perhaps what I need, I just need to make sure it hasn't
>> thrown any other spanners in the works so as to speak.
>>
>> Jim.
>>
>
>
> The default is what the server uses. The "client" is what was intended for
> client connectivity, for security reasons, hence the different port
> number, which is recommended.
>
> If you want to totally remove authentication, in other words, to allow
> relaying on the default SMTP send connector, be forewarned anyone from the
> outside world can send through it, such as spammers.
>
> Take a look at the following:
>
> How to Disable Relay for Authenticated Users in Exchange 2007
> http://forums.msexchange.org/m_1800460783/tm.htm
>
> I don't know which article you were reading on the internet, whether one I
> provided or another, but here is one that has a step by step to create the
> additional connector, but as I said it requires an additional IP address
> on the server.
>
> Also be forewarned that if you add an IP address to the SBS for this
> purpose (AS I previously posted), I guarantee IT WILL cause problems on the
> SBS.
>
> Exchange 2007: How to allow relay exceptions
> http://blogs.techrepublic.com.com/networking/?p=373
>
> Please clearly document any changes you make in case you need to review or
> revert back. Test the above and see if it will work for your needs.
>
>
> Ace
>
>
>
>
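
Added example, not part of any post in this thread: an Exchange Management Shell audit that lists every receive connector on which "NT AUTHORITY\ANONYMOUS LOGON" holds Ms-Exch-SMTP-Accept-Any-Recipient and flags any that still accept connections from 0.0.0.0-255.255.255.255. The output property names AnonymousRelay and OpenToAnyIP are made up for this example, and the string form of RemoteIPRanges entries is an assumption.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
$anon       = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayRight = 'Ms-Exch-SMTP-Accept-Any-Recipient'
$openRange  = '0.0.0.0-255.255.255.255'   # the range Jim replaces with one LAN IP

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Allow entries (not Deny) that give anonymous sessions the relay right.
    $grants = @($connector | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayRight) })

    if ($grants.Count -gt 0) {
        # Assumption: each RemoteIPRanges entry renders as it appears in the console.
        $ranges = @($connector.RemoteIPRanges | ForEach-Object { $_.ToString() })

        # Report the settings that decide who can reach this relay-enabled connector.
        $connector | Select-Object Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups,
            @{ Name = 'AnonymousRelay'; Expression = { $true } },
            @{ Name = 'OpenToAnyIP';    Expression = { $ranges -contains $openRange } }
    }
} | Format-List

# To revert the grant on one connector (keep a record of the change, as advised above):
# Get-ReceiveConnector "Receive Connector Name" |
#     Remove-ADPermission -User $anon -ExtendedRights $relayRight
```

A connector reported with OpenToAnyIP set to True is the open-relay condition warned about in the thread; the setup Jim describes should show only the PBX server's LAN address in RemoteIPRanges.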